GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,081 advisories
silverstripe/subsites Unsafe SQL Query Construction (Safe Data Source)
High | GHSA-xc69-p8fc-m6m5 was published for silverstripe/subsites (Composer) | May 28, 2024
silverstripe/taxonomy SQL Injection vulnerability
High | GHSA-p2v5-xcqm-4fv6 was published for silverstripe/taxonomy (Composer) | May 28, 2024
silverstripe/graphql Cross-Site Request Forgery vulnerability
High | GHSA-wjg9-v8cf-f5q2 was published for silverstripe/graphql (Composer) | May 28, 2024
silverstripe/framework has potential SQL Injection vulnerability in PostgreSQL database connector
High | GHSA-265q-222x-52m6 was published for silverstripe/framework (Composer) | May 28, 2024
silverstripe/framework has possible denial of service attack vector when flushing
High | GHSA-cwgq-83w5-8jfq was published for silverstripe/framework (Composer) | May 28, 2024
silverstripe/framework allows upload of dangerous file types
High | GHSA-vcg6-8fxc-x5cq was published for silverstripe/framework (Composer) | May 27, 2024
silverstripe/framework code execution vulnerability
High | GHSA-vgxh-x8jv-hmff was published for silverstripe/framework (Composer) | May 27, 2024
silverstripe/framework BackURL validation bypass with malformed URLs
High | GHSA-m5q3-mvcr-gc5m was published for silverstripe/framework (Composer) | May 27, 2024
silverstripe/framework SQL injection in full text search
High | GHSA-xx4r-5265-48j6 was published for silverstripe/framework (Composer) | May 27, 2024
silverstripe/framework CSV Excel Macro Injection
High | GHSA-mqjc-x563-c9q8 was published for silverstripe/framework (Composer) | May 27, 2024
silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms
High | GHSA-7m2v-x7rg-5hm5 was published for silverstripe/framework (Composer) | May 27, 2024
silverstripe/framework's User-Agent header not correctly invalidating user session
High | GHSA-4qx8-j9vh-2628 was published for silverstripe/framework (Composer) | May 27, 2024
Silverstripe X-Forwarded-Host request hostname injection
High | GHSA-25gq-jvx2-vg9x was published for silverstripe/framework (Composer) | May 23, 2024
Silverstripe SiteTree Creation Permission Vulnerability
High | GHSA-3mm9-2p44-rw39 was published for silverstripe/cms (Composer) | May 22, 2024
scheb/two-factor-bundle bypass two-factor authentication with remember-me option
High | GHSA-9phw-7h96-q3rv was published for scheb/two-factor-bundle (Composer) | May 21, 2024
scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token
High | GHSA-h6mp-mc7g-mg49 was published for scheb/two-factor-bundle (Composer) | May 21, 2024
robrichards/xmlseclibs XPath injection
High | GHSA-2g98-f9jv-w8c5 was published for robrichards/xmlseclibs (Composer) | May 20, 2024
Passbolt API Stored XSS on first/last name during setup
High | GHSA-2f46-4xjm-73x5 was published for passbolt/passbolt_api (Composer) | May 20, 2024
Passbolt Api Remote code execution
High | GHSA-cv5c-2qv5-w2m2 was published for passbolt/passbolt_api (Composer) | May 20, 2024
nzo/url-encryptor-bundle Insecure default secret key and IV allowing anyone to decrypt values
High | GHSA-r2r8-36pq-27cm was published for nzo/url-encryptor-bundle (Composer) | May 17, 2024
Cross-site Scripting vulnerabilities in Neos
High | GHSA-6cj3-rc4p-f38f was published for neos/neos (Composer) | May 17, 2024
Neos Information Disclosure Security Note
High | GHSA-3c5g-73f7-grvm was published for neos/neos (Composer) | May 17, 2024
namshi/jose insecure JSON Web Signatures (JWS)
High | GHSA-hxhc-wmg8-xrqf was published for namshi/jose (Composer) | May 17, 2024
laravel framework SQL Injection via limit and offset functions
High | GHSA-wq8p-mqvg-2p5h was published for laravel/framework (Composer) | May 15, 2024
laravel framework Unexpected database bindings via requests
High | GHSA-jwvj-pwww-3mj5 was published for laravel/framework (Composer) | May 15, 2024
ProTip! Advisories are also available from the GraphQL API.